An arbitrary command injection vulnerability in the Cluster Server component of Veritas InfoScale allows an unauthenticated remote attacker to execute arbitrary commands as root or administrator. These Veritas products are affected: Access 7.4.2 and earlier, Access Appliance 7.4.2 and earlier, Flex Appliance 1.2 and earlier, InfoScale 7.3.1 and earlier, InfoScale between 7.4.0 and 7.4.1, Veritas Cluster Server (VCS) 6.2.1 and earlier on Linux/UNIX, Veritas Cluster Server (VCS) 6.1 and earlier on Windows, Storage Foundation HA (SFHA) 6.2.1 and earlier on Linux/UNIX, and Storage Foundation HA (SFHA) 6.1 and earlier on Windows.
References
Link | Resource |
---|---|
https://www.veritas.com/content/support/en_US/security/VTS19-003 | Patch Vendor Advisory |
https://www.veritas.com/content/support/en_US/security/VTS19-004 | Patch Vendor Advisory |
https://www.veritas.com/content/support/en_US/security/VTS19-005 | Patch Vendor Advisory |
https://www.veritas.com/content/support/en_US/security/VTS19-006 | Patch Vendor Advisory |
https://www.veritas.com/content/support/en_US/security/VTS19-003 | Patch Vendor Advisory |
https://www.veritas.com/content/support/en_US/security/VTS19-004 | Patch Vendor Advisory |
https://www.veritas.com/content/support/en_US/security/VTS19-005 | Patch Vendor Advisory |
https://www.veritas.com/content/support/en_US/security/VTS19-006 | Patch Vendor Advisory |
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
AND |
|
Configuration 3 (hide)
AND |
|
History
21 Nov 2024, 04:33
Type | Values Removed | Values Added |
---|---|---|
References | () https://www.veritas.com/content/support/en_US/security/VTS19-003 - Patch, Vendor Advisory | |
References | () https://www.veritas.com/content/support/en_US/security/VTS19-004 - Patch, Vendor Advisory | |
References | () https://www.veritas.com/content/support/en_US/security/VTS19-005 - Patch, Vendor Advisory | |
References | () https://www.veritas.com/content/support/en_US/security/VTS19-006 - Patch, Vendor Advisory |
Information
Published : 2019-11-05 20:15
Updated : 2024-11-21 04:33
NVD link : CVE-2019-18780
Mitre link : CVE-2019-18780
CVE.ORG link : CVE-2019-18780
JSON object : View
Products Affected
veritas
- infoscale
- access_appliance
- storage_foundation_ha
- access
- cluster_server
- flex_appliance
linux
- linux_kernel
microsoft
- windows
CWE
CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')